
Using GnuPG

1. Requirements and Installation

Todo: source package install

On Debian systems:

apt-get update && apt-get install gpg


2. Configuration

Your "~/.gnupg/gpg.conf" file should contain a valid public keyserver.

You can use the following command to figure out a keyserver:

host -l pgp.net | grep www

For example: "keyserver x-hkp://wwwkeys.eu.pgp.net"


3. Keypair creation

gpg --gen-key

It is strongly recommended to use a 2048 bit key length when security is your prime focus.

gpg --list-public-keys

/home/jama/.gnupg/pubring.gpg
-----------------------------
pub  1024D/C8CCD788 2001-03-14 Jama Poulsen <jama [at] debianlinux [dot] net>
sub  2048g/B408171A 2001-03-14
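
As an added example that is not part of the original page, the small Python check below parses the legacy "gpg --list-public-keys" output shown above and flags any key shorter than the 2048-bit length recommended here; the mapping of algorithm letters to names is an assumption about classic gpg 1.x listings, and the sample listing is constructed from the lines above.

```python
import re
from typing import Dict, List

# Legacy "gpg --list-public-keys" line format, e.g.
#   pub  1024D/C8CCD788 2001-03-14 Jama Poulsen <jama [at] debianlinux [dot] net>
#   sub  2048g/B408171A 2001-03-14
KEY_LINE = re.compile(
    r"^(?P<kind>pub|sub)\s+(?P<bits>\d+)(?P<algo>[A-Za-z])/(?P<keyid>[0-9A-Fa-f]{8,16})"
    r"\s+(?P<created>\d{4}-\d{2}-\d{2})(?:\s+(?P<uid>.*))?$"
)

# Assumed letter codes used by classic gpg 1.x listings.
ALGO_NAMES = {"D": "DSA", "R": "RSA", "g": "ElGamal (encrypt-only)", "G": "ElGamal"}

MIN_BITS = 2048  # key length this page recommends


def parse_listing(text: str) -> List[Dict]:
    """Return one dict per pub/sub line; ring path, separator and blanks are skipped."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue
        keys.append({
            "kind": m["kind"],
            "bits": int(m["bits"]),
            "algo": ALGO_NAMES.get(m["algo"], m["algo"]),
            "keyid": m["keyid"].upper(),
            "created": m["created"],
            "uid": m["uid"] or "",
        })
    return keys


def weak_keys(keys: List[Dict], min_bits: int = MIN_BITS) -> List[Dict]:
    """Keys (primary or sub) below the recommended length."""
    return [k for k in keys if k["bits"] < min_bits]


# Constructed sample, copied from the listing shown on this page.
SAMPLE_LISTING = """\
/home/jama/.gnupg/pubring.gpg
-----------------------------
pub  1024D/C8CCD788 2001-03-14 Jama Poulsen <jama [at] debianlinux [dot] net>
sub  2048g/B408171A 2001-03-14
"""

if __name__ == "__main__":
    for k in weak_keys(parse_listing(SAMPLE_LISTING)):
        print(f"{k['kind']} {k['keyid']}: {k['bits']}-bit {k['algo']} is below {MIN_BITS} bits")
```

Run against the page's own listing it reports the 1024-bit DSA primary key; the 2048-bit ElGamal subkey passes.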

4. Encrypting & decrypting files

Encrypting a file:

gpg --encrypt [file]

Decrypting a file:

gpg --decrypt [file]


5. Signing & verifying files

Signing a file:

gpg --sign [file]

This will create a new file called [file].sig

or create a separate '.sig' file which is ASCII formatted and only contains the signature data:

gpg --armor --output [file].sig --detach-sig [file]

Verifying a signed file:

gpg --verify [file].sig


6. Sending signed and encrypted email using Mutt

Signed email:

In mutt, type "p" just before sending an email. Then select the (s)ign option by pressing "s". When you send the email you'll be prompted to type in your GPG passphrase.

Encrypted email:

In mutt, type "p" just before sending an email. Then select the (e)ncrypt option by pressing "e". When you send the email you'll be prompted to type in your GPG passphrase.

Note that in order to send an encrypted email, you'll need to have access to the recipient's public key.


7. Public key sync

When your public key has been changed due to signing by others, you'll need to update your local public key.

gpg --recv-keys <YOUR_KEY_ID>

If you have the public key stored locally as a file, import it from that file instead:

gpg --import <KEY_FILE>


8. Signing other people's public keys

These are the steps to sign another person's public key:

1) gpg --recv-keys <PUBLIC_KEY_ID>

If you have the public key stored locally as a file, import it from that file instead:

gpg --import <KEY_FILE>

2) gpg --edit-key <PUBLIC_KEY_ID>

You are now in the GnuPG menu system, from here you can interactively manage your OpenPGP keys.

Type help if you want to know what commands are available.

3) check
4) sign, or, to sign only one specific UID of this key, select it first with uid [uid_number] and then run sign
5) check
6) save

Now you should upload the signed public key to a public keyserver:

7) gpg --send-keys <PUBLIC_KEY_ID>


9. Keysigning methods

Todo:

  • Explain web of trust
  • Differences with CA signing
  • Long-distance keysigning
  • Face-to-face keysigning
  • Enhanced keysigning

10. Key Management

Todo:

  • Public keyservers
  • Keypair synchronization between: work, home, notebook, pda
  • Backup
  • Revoking your keypair
  • Adding a UID to an existing keypair

11. Other GPG uses


12. References
